All the Perl that's Practical to Extract and Report


Two reasons auth won't work. Firstly that Ralsky is going around cracking SMTP AUTH servers because of weak passwords - you can enforce AUTH all you like but you can't enforce strong passwords.

So you switch to keys, right? Well no, in the long term that won't work either. Witness the Swen virus - it prompts users for their username, password and SMTP servers and users *gladly* put that info in!

Bad security on user computers is one reason I think authenticating the servers is more important than clients.

Not to mention that it is easier to deploy to the servers instead of forcing every client to upgrade their software.

When money is involved, the users would have an incentive to keep their accounts secure. If a break-in into an account results in a $100 charge and email being disabled for the rest of the month, then people might take the security seriously.

The involvement of money and more robust security means that it is easier to show what spammers are doing is illegal and illegitimate. Spammers try to claim that they are providing legitimate marketing tools. If the only way they can send email is to break into people's computers and steal their money, their claims are more obviously bogus. And the law can get involved.

Make sure all clients are neither spammers, nor insecure. Not an easy problem.

It takes large amounts of resources in terms of abuse desk costs, and support costs (if you shut down 200,000 users at an ISP because they run infected versions of Windows, how much do you think that will cost in terms of support? Think 1 hour on the phone to each customer). And you have to offer that support because peopl